Cognitive Model for Assessing the Security of Information Systems for Various Purposes

This article substantiates the relevance of the development of a cognitive model for assessing the security of information systems for various purposes, designed to support decision-making by officials of information security management bodies. The article analyzes scientific papers and research in this area, formulates the requirements for the functional capabilities of the model, and investigates and identifies the most appropriate modeling tools, based on the symmetry property that develops from integrated ontological and neuro-Bayesian models; typical clusters of information systems; tactics and techniques for the implementation of information security threats through the vulnerabilities of objects at various levels of the International Organization of Standardization/Open Systems Interconnection model (the ISO/OSI model); protective influences; and attacking influences. This approach allowed us to identify such objects of influence and their current vulnerabilities and scenarios for the implementation of information security threats; to calculate the joint probability distribution of information security events of various origins; and to simulate the process of operational management of information security.